On Mon, 17 Dec 2001 14:49:35 +1000 Mike McCormack mike_mccormack@start.com.au wrote:
Did you try running wine with -winver win98?
Yes, Shrinker tries to load a VXD which is not allowed under Wine. At first I was going to implement a special Shrinker VXD replacement for Wine, but then I found that it wouldn't try to load the VXD under --winver nt40. Thus, I figured I would try to resolve the problems with running under nt40, since that would (at least theoretically) improve the existing functionality of Wine, rather than add new functionality.
Did you try finding an Un-Shrinker? A quick
search using google turned
up a few candidates. Haven't tried any out though.
Yes, I've looked at them. They all seem to be h4x0r toolz with no source code.
Some new news on the Shrinker front. I've managed to determine, for the most part, what Shrinker's exception filter function does. It's a minefield! Recall that earlier I said it was looking for a magic signature in ntdll.dll. I found all of the landmines.
The first landmine makes sure the exception handler was called with the code "call ecx". If not, the process dies.
Next, we read 8 bytes from the process around that location. If the read fails, the process dies.
If the code starting with the call is not FF D1 64 8B 25 or FF D1 64 8B 0D, the process dies.
It then tries to allocate some memory, and copies some of the process code into that memory. If the allocation fails, the process dies.
With that in mind, it seems that the only thing it's really looking for is that signature. So one idea that I had is a "Shrinker fixer". When Wine loads an executable, it would look for this specific exception handling code, and then NOP out the checks.
Is that a reasonable approach?
--Rob